Avast and "unknown device".

Today I remotely installed Avast AV on one PC, replacing illegal cracked NOD32. I uninstalled NOD32 and “the fix”, rebooted PC (everything ok), then installed Avast, rebooted again (complication), updated and rebooted again. After the reboot after installing Avast I saw hardware installation wizard stating that it found “unknown” device and is willing to install it. I allowed it to connect to internet to check out for drivers, but it didn’t found anything. I did a quick checkup to see if some device is missing, but as far as I could tell, no device is missing - SCSi controller, video card, audio card… it’s all there, except this one. After Avast upgraded, nothing has changed.

Can anyone help or point me out how to find what darned device this is?

Computer is in domain, but it’s private, if the domain thing has anything to do with it.

Ivan.

Probably, NOD32 or “the fix” left behind Registry Keys into the following path…

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ …

I connected again to that machine as I am curious what it is… and when I did “details” on that “device”, I got this: ROOT/LEGACY_WS2IFSL/0000 (as I remember). Blue part is correct, as I did a research on that. Turns out it’s some spyware that changes network connection. I also now guess it came with the “fix”. Nice one :wink:

Thanks.

Ivan.

:slight_smile: Hi Ivan:

  So what do you expect when  "crack" version(s)
  of a program are installed on a computer !?
  Sounds like you may need to run some antispyware
  program(s), rootkit-remover program and/or HijackThis !?

Any more info on that spyware and on the changes it has done?

Well, I expected that, and I’ve told a friend that cracked NOD32, no matter how cool it may be, it is a big no-no, as cracks usually enter some more things onto system. Amongst other reasons, that was one of the reasons I’ve gone legal and/or freeware a year ago, ditching every cracked soft I had on my system. I bought only things I could afford (or had to).

As for this particular one, this site, http://www.sarc.com/avcenter/venc/data/trojan.riler.e.html had some information about it’s whereabouts, and measures of cleaning. I’ve just cleaned it - oddly, I had entries only in root\legacy which I deleted, along with uninstalled device, no files whatsoever.

Now it’s running safe and smooth.